Did you do a sudo freshclam? The repos aren't the latest, but that doesn't hinder the definitions. If you didn't do sudo freshclam, then you don't have the latest definitions at all.
On Mon, 2008-01-21 at 07:44 +0800, umarzuki mochlis wrote: > i don't know if it's the latest or not. I just sudo apt-get install it from > ubuntu repo. Kapersky detected it. > > On Jan 20, 2008 7:00 PM, <[EMAIL PROTECTED]> wrote: > > > Send clamav-users mailing list submissions to > > clamav-users@lists.clamav.net > > > > To subscribe or unsubscribe via the World Wide Web, visit > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > or, via email, send a message with subject or body 'help' to > > [EMAIL PROTECTED] > > > > You can reach the person managing the list at > > [EMAIL PROTECTED] > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of clamav-users digest..." > > > > > > Today's Topics: > > > > 1. What's this? I can't believe it! (umarzuki mochlis) > > 2. Re: What's this? I can't believe it! (Brandon Perry) > > 3. Re: What's this? I can't believe it! (Brandon Perry) > > 4. Re: What's this? I can't believe it! (Joe Clements) > > 5. Re: What's this? I can't believe it! (Michael L Torrie) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Sun, 20 Jan 2008 10:35:28 +0800 > > From: "umarzuki mochlis" <[EMAIL PROTECTED]> > > Subject: [Clamav-users] What's this? I can't believe it! > > To: clamav-users@lists.clamav.net > > Message-ID: > > <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset=ISO-8859-1 > > > > I tried to scan my pendrive and got this. > > > > [EMAIL PROTECTED]:~$ sudo clamscan /media/UM4R > > [sudo] password for umarzuki: > > /media/UM4R/g2p3s.exe: OK > > /media/UM4R/t.exe: OK > > /media/UM4R/smw-1.7-setup.exe: OK > > /media/UM4R/autorun.inf: OK > > > > I believe g2p3s.exe, t.exe and autorun.inf are some sort of trojan or > > something but calm doesn't seem to detect it. > > > > -- > > Get money for each referral >> http://tinyurl.com/2pbj3p > > Beta test website for money >> http://tinyurl.com/28ge49 > > Get paid for each click! >> http://tinyurl.com/22th2y > > > > > > ------------------------------ > > > > Message: 2 > > Date: Sat, 19 Jan 2008 20:53:26 -0600 > > From: Brandon Perry <[EMAIL PROTECTED]> > > Subject: Re: [Clamav-users] What's this? I can't believe it! > > To: ClamAV users ML <clamav-users@lists.clamav.net> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain > > > > DOes Norton/AVG/McAfee detect them? What makes you think they are > > trojans? > > > > > > On Sun, 2008-01-20 at 10:35 +0800, umarzuki mochlis wrote: > > > I tried to scan my pendrive and got this. > > > > > > [EMAIL PROTECTED]:~$ sudo clamscan /media/UM4R > > > [sudo] password for umarzuki: > > > /media/UM4R/g2p3s.exe: OK > > > /media/UM4R/t.exe: OK > > > /media/UM4R/smw-1.7-setup.exe: OK > > > /media/UM4R/autorun.inf: OK > > > > > > I believe g2p3s.exe, t.exe and autorun.inf are some sort of trojan or > > > something but calm doesn't seem to detect it. > > > > > > > > > > > ------------------------------ > > > > Message: 3 > > Date: Sat, 19 Jan 2008 21:27:58 -0600 > > From: Brandon Perry <[EMAIL PROTECTED]> > > Subject: Re: [Clamav-users] What's this? I can't believe it! > > To: ClamAV users ML <clamav-users@lists.clamav.net> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain > > > > Also, what version are you using? Do you have all the definitions? > > > > On Sun, 2008-01-20 at 10:35 +0800, umarzuki mochlis wrote: > > > I tried to scan my pendrive and got this. > > > > > > [EMAIL PROTECTED]:~$ sudo clamscan /media/UM4R > > > [sudo] password for umarzuki: > > > /media/UM4R/g2p3s.exe: OK > > > /media/UM4R/t.exe: OK > > > /media/UM4R/smw-1.7-setup.exe: OK > > > /media/UM4R/autorun.inf: OK > > > > > > I believe g2p3s.exe, t.exe and autorun.inf are some sort of trojan or > > > something but calm doesn't seem to detect it. > > > > > > > > > > > ------------------------------ > > > > Message: 4 > > Date: Sun, 20 Jan 2008 04:57:43 +0000 > > From: Joe Clements <[EMAIL PROTECTED]> > > Subject: Re: [Clamav-users] What's this? I can't believe it! > > To: ClamAV users ML <clamav-users@lists.clamav.net> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > Brandon Perry wrote: > > > Also, what version are you using? Do you have all the definitions? > > > > > > On Sun, 2008-01-20 at 10:35 +0800, umarzuki mochlis wrote: > > > > > >> I tried to scan my pendrive and got this. > > >> > > >> [EMAIL PROTECTED]:~$ sudo clamscan /media/UM4R > > >> [sudo] password for umarzuki: > > >> /media/UM4R/g2p3s.exe: OK > > >> /media/UM4R/t.exe: OK > > >> /media/UM4R/smw-1.7-setup.exe: OK > > >> /media/UM4R/autorun.inf: OK > > >> > > >> I believe g2p3s.exe, t.exe and autorun.inf are some sort of trojan or > > >> something but calm doesn't seem to detect it. > > >> > > >> > > > > > > _______________________________________________ > > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > > http://lurker.clamav.net/list/clamav-users.html > > > > > > > > autorun.inf is the standard windows pre installation proceedure. The > > others do look iffy, BUT they are only iffy if proved. Zip them and send > > them to your anti virus people. > > > > > > ------------------------------ > > > > Message: 5 > > Date: Sat, 19 Jan 2008 23:41:25 -0700 > > From: Michael L Torrie <[EMAIL PROTECTED]> > > Subject: Re: [Clamav-users] What's this? I can't believe it! > > To: ClamAV users ML <clamav-users@lists.clamav.net> > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset=ISO-8859-1 > > > > umarzuki mochlis wrote: > > > I tried to scan my pendrive and got this. > > > > > > [EMAIL PROTECTED]:~$ sudo clamscan /media/UM4R > > > [sudo] password for umarzuki: > > > /media/UM4R/g2p3s.exe: OK > > > /media/UM4R/t.exe: OK > > > /media/UM4R/smw-1.7-setup.exe: OK > > > /media/UM4R/autorun.inf: OK > > > > > > I believe g2p3s.exe, t.exe and autorun.inf are some sort of trojan or > > > something but calm doesn't seem to detect it. > > > > A casual search of google reveals that this is most likely malware, or > > at least something that's a little bit suspicious, shipped by the > > manufacturer (a common thing these days) who probably gets paid by the > > malware vendor. It's not a virus, then, so most AV programs won't flag > > it. Obviously commercial AV programs are reluctant to classify certain > > types of "spyware" as malware because of the risk of a lawsuit from the > > vendor of the malware. > > > > http://www.computing.net/security/wwwboard/forum/22168.html > > > > > > > > > > > > > ------------------------------ > > > > _______________________________________________ > > clamav-users mailing list > > clamav-users@lists.clamav.net > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > End of clamav-users Digest, Vol 40, Issue 19 > > ******************************************** > > > > > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
